[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] About Future Plans: Private keys encrypted.
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] About Future Plans: Private keys encrypted. |
Date: |
Tue, 15 Nov 2005 23:16:44 +0100 |
User-agent: |
KMail/1.8.2 |
On Tuesday 15 November 2005 20:52, Fran wrote:
> Hello,
> I can see that certtool do not encrypt keys and not support some keys
> generated with openssl (encrypted).
> I can see :
> > int gnutls_x509_privkey_import_pkcs8:
> > This function will convert the given DER or PEM encoded PKCS8 2.0
> > encrypted key to the native gnutls_x509_privkey_t format. The output will
> > be stored in key. Currently only RSA keys can be imported, and flags can
> > only be used to indicate an unencrypted key.
> I think that this is a very high risk security problem for applications
> that use a file key.
You can both encrypt and decrypt pkcs8 keys in gnutls. The only limitation is
that pkcs8 2.0 is supported and not previous versions.
--
Nikos Mavrogiannopoulos